In last week's story about the New York Times breach, you read that the best-selling anti-virus system failed entirely. Every organization that has gone through a targeted attack learns that same lesson and - too late - develops an in-house forensics and threat analysis capability. (The commercial incident handling companies charge as much as $1,000 an hour after you get breached). The principal hands-on course that teaches how is SANS FOR508: Advanced Forensics and Incident Response.

SANS did a similar test earlier this year when creating the core incident exercise for FOR508 and had the exact same results with McAfee EPO installed on our network.

"Rob Lee is a master of the subject matter. The material is presented in a way that is understandable. Rob is also charismatic enough to make the course enjoyable."- Erik Ketlet, JP Morgan Chase

"A great course on timeline, registry, and restore point forensics. SANS is continuing to be the leader on teaching new techniques happening with forensics."- Brad Garnett, Gibson County Sherrif's Dept.